CVE-2024-4886
Published 2024-06-05
CVE-2024-4886: The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
Priority: P4 · 20 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.38% (29.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| buddyboss | buddyboss_platform | < 2.6.00 | 2.6.00 |
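CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |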
GHSA
GHSA-27r3-85x4-pfqv: The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
ghsa_unreviewed·2024-06-05
CVE-2024-4886 [MEDIUM] CWE-639 GHSA-27r3-85x4-pfqv: The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request
Red Hat
kernel: PCI: Add missing bridge lock to pci_bus_lock()
vendor_redhat·2024-09-18·CVSS 5.5
CVE-2024-46750 [MEDIUM] CWE-667 kernel: PCI: Add missing bridge lock to pci_bus_lock()
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock()
One of the true positives that the cfg_access_lock lockdep effort identified is this sequence:

```
WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70
RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70
Call Trace:
 ? __warn+0x8c/0x190
 ? pci_bridge_secondary_bus_reset+0x5d/0x70
 ? report_bug+0x1f8/0x200
 ? handle_bug+0x3c/0x70
 ? exc_invalid_op+0x18/0x70
 ? asm_exc_invalid_op+0x1a/0x20
 ? pci_bridge_secondary_bus_reset+0x5d/0x70
 pci_reset_bus+0x1d8/0x270
 vmd_probe+0x778/0xa10
 pci_device_probe+0x95/0x120
```

Where pci_reset_bus() users are triggering unlocked secondary bus resets.
Ironically pci_bu
Published: 2024-06-05